The Question

SuperUser reader Kyle Cronin wants to know if such email obfuscation techniques are worth the hassle:

Most of the time when I see someone post their email address online, especially if it’s a personal address, they use something like

me [at] example [dot] com

instead of the actual email address (me@example.com). Even top members of this community use similar styles in their profiles:

jt.superuser[AT]gmail[DOT]com

quixote dot su over yonder near that gmail place

The typical rationale is that this kind of obfuscation prevents the email address from being automatically recognized and harvested by spammers. In an age where spammers can beat all but the most diabolical captchas, is this really true? And given how effective modern spam filters are, does it really matter if your email address is harvested?

Given that it’s a hassle for the actual humans you’re trying to communication with (and potentially not much of a hassle for the harvester bots you’re trying to avoid) it’s worth digging deeper to find out if the techniques are really effective.

The Answer

SuperUser contributor Akira offers up a study on the matter to support using obfuscation:

Some time ago I stumbled upon the post of someone who created a honeypot and waited for differently obsfucated email-addresses coming back:

// and then add it to the DOM (eg, via $('.email).append(m); // jquery)

Replacing ‘@’ and ‘.’ with Entities 1.6 MB

xyz&#64;example&#46;com

Splitting E-Mail with comments 7.1 MB

xyz<!-- eat this spam -->@<!-- yeah! -->example<!-- shoo -->com

Urlencode 7.9 MB

xyz%40example.com

Plain Text 21 MB

xyz@example.com

This is the original statistical graph made by Silvan Mühlemann, all credit goes towards him:

So, to answer the question: Yes, (in a way) email obsfucation works.

Contributor ak86 weighs in, noting that whatever you gain through obfuscation you lose through inconvenience to yourself and your fellow emailer:

There was an interesting article by Cory Doctorow recently on this subject here which argued that email obfuscation doesn’t serve much purpose, and a more optimal approach is intelligently managing the spam you get.
TL;DR version:

The objective of this entire exercise is not to reduce the amount of spam you get in your email, but the amount of spam you manually have to remove from your inbox.

Email obfuscation is a constant battle to come up with ever sophisticated bot-proof, human-readable encoding, and is a drain on the productivity of both the creator, and the correspondent.

“Almost any email address that you use for any length of time eventually becomes widely enough known that you should assume all the spammers have it.”

“The convenience of stable, easily copy-pastable email addresses” wins over trying to hide from the spambots.

Have something to add to the explanation? Sound off in the the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.

Jason FitzpatrickJason Fitzpatrick is the Editor in Chief of Review Geek, How-To Geek's sister site focused on product reviews, roundups, and deals. He has over a decade of experience in publishing and has authored thousands of articles at Review Geek, How-To Geek, and Lifehacker. Read Full Bio »